Because the switch acts
as the proxy, the authentication service is transparent to the client. The RADIUS
security system with Extensible Authentication Protocol (EAP) extensions is the only
supported authentication server.
NOTE Whereas the 802.1X standard provides a means for a variety of
authentication protocols and servers, RADIUS has become the de facto standard
and is the most common method used with Cisco switches.
[Figure: Clients (request access and respond to requests from the switch), Catalyst switch (controls physical access to the network based on client authentication status), authentication server (performs client authentication)]
Securing the Expanded Network 75
– Switch (also called the authenticator): Controls physical access to the network based
on the authentication status of the client. The switch acts as an intermediary (proxy)
between the client (supplicant) and the authentication server, requesting identifying
information from the client, verifying that information with the authentication server,
and relaying a response to the client. The switch uses a RADIUS software agent, which
is responsible for encapsulating and decapsulating the EAP frames and interacting
with the authentication server.
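The encapsulation and decapsulation step described above, as an added example that is not from the original text or from any switch's code: an EAP packet is taken out of the client's EAPOL frame, carried to the server in RADIUS EAP-Message attributes protected by a Message-Authenticator (the RFC 3579 framing), and checked and reassembled on the server side. The function names, the user "alice", the shared secret and the sample frame are constructed for illustration.

```python
import hashlib, hmac, struct

USER_NAME, EAP_MESSAGE, MESSAGE_AUTH = 1, 79, 80   # RADIUS attribute types

def eap_from_eapol(frame: bytes) -> bytes:
    """Decapsulate: strip the 4-byte EAPOL header (version, type, length)."""
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != 0 or len(frame) < 4 + length:      # type 0 = EAP-Packet
        raise ValueError("not a complete EAPOL EAP-Packet")
    return frame[4:4 + length]

def attr(atype: int, value: bytes) -> bytes:
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(eap, user, secret, ident, authenticator) -> bytes:
    """Encapsulate: carry the EAP packet in EAP-Message attributes."""
    attrs = attr(USER_NAME, user)
    for i in range(0, len(eap), 253):              # 253-byte value limit
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(MESSAGE_AUTH, bytes(16))         # zeroed while computing HMAC
    head = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator
    mac = hmac.new(secret, head + attrs, hashlib.md5).digest()
    return head + attrs[:-16] + mac

def parse_and_verify(packet: bytes, secret: bytes) -> bytes:
    """Server side: check Message-Authenticator and reassemble the EAP packet."""
    length = int.from_bytes(packet[2:4], "big")
    if length != len(packet) or length < 20:
        raise ValueError("bad RADIUS length")
    eap, mac, zeroed, pos = b"", None, bytearray(packet), 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, end = packet[pos], pos + packet[pos + 1]
        if atype == EAP_MESSAGE:
            eap += packet[pos + 2:end]             # fragments concatenate in order
        elif atype == MESSAGE_AUTH and end - pos == 18:
            mac = packet[pos + 2:end]
            zeroed[pos + 2:end] = bytes(16)
        pos = end
    good = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if mac is None or not hmac.compare_digest(mac, good):
        raise ValueError("Message-Authenticator missing or invalid")
    return eap

# Constructed sample: EAP-Response/Identity "alice" inside an EAPOL frame.
SAMPLE_EAP = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
SAMPLE_EAPOL = struct.pack("!BBH", 1, 0, len(SAMPLE_EAP)) + SAMPLE_EAP
SECRET = b"constructed-shared-secret"
```

A request whose EAP bytes are altered in transit, or that was built with a different shared secret, fails the Message-Authenticator check and is rejected before the EAP payload is used.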